<?php 
namespace Admin\Controller;
use Hdphp\Library\Controller;


Class LoginController extends Controller{

	public function index(){
		if(IS_POST){

			$verify=strtoupper(htmlspecialchars($_POST['verify']));
			$uname=htmlspecialchars($_POST['userName']);
			$pwd=md5($_POST['psd']);
			if( $verify != $_SESSION['code']){
				$this->error('验证码不正确');
			}

			$sql="SELECT * FROM hd_admin WHERE username='{$uname}' ";
		
			$user=M()->query($sql);

			if($user[0]['lock']==1) $this->error('您的账户锁定,请与管理员联系');

			if($user[0]['passwd'] != $pwd) $this->error('用户名或者密码错误');

			if( $user=M()->query($sql) ){

				$_SESSION['admin_uname']=$uname;
				$_SESSION['admin_aid']=$user[0]['aid'];
				$_SESSION['admin_time']=time();
				$_SESSION['admin_loginIp']=$_SERVER['REMOTE_ADDR'];
				$sql="UPDATE hd_admin SET logintime='{$_SESSION['admin_time']}',loginip='{$_SESSION['admin_loginIp']}' WHERE username='{$uname}' ";
				M()->exec($sql);

				$this->success('登录成功','./index.php?m=admin');
			}else{
				$this->error('用户名或者密码错误');
			}
		}

		$this->display();
	}

	public function code(){
		$code =new \Hdphp\Tool\code(1,80,25,null,16);
		$code->show();

	}

	public function out(){

		session_unset();
		session_destroy();
		$this->error('退出成功','./index.php?m=admin&c=login');
	}

}

 ?>